CORS, CSP, HSTS, and all the web security acronyms!
link.medium.com/jMrLJYrzBR
The Citizen Lab, an
interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, focusing on research, development, and high-level strategic policy and legal engagement at the intersection of information and communication technologies, human rights, and global security.
released “Security Planner” early last week. Security Planner is a tool that will guide everybody through their Internet usage habits with only a few simple questions.
Answer a few simple questions to get personalized recommendations of free and open-source software. It’s confidential — no personal information is stored, and we won’t access any of your online accounts.
With this information, it provides simple steps and personalized safety recommendations to follow to improve individuals' privacy online. The recommendations are based on free and open-source projects and best practices, aiming to raise awareness and help people maintain better privacy.
Apparently the reason for yesterday's and today's Telekom outage: a known bug in TR069. Apparently there is also a Metasploit module for it.
The following came through my timelines a few days back. A guy feels guilty for what he did – as a programmer – when he was young. Basically he built a promotional website for a questionable medication. Apparently the drug has side effects of depression and suicidal thoughts. Only after his sister was prescribed the same medication did his conscience make him quit what he was doing.
If you write code for a living, there’s a chance that at some point in your career, someone will ask you to code something a little…
Source: The code I’m still ashamed of
Also, the author writes the following:
As developers, we are often one of the last lines of defense against potentially dangerous and unethical practices.
It’s a pretty sure bet that everybody who has been in the Internet business long enough has had moments like this before. For myself, there were a few moments where I saw an ethical border that I didn’t want to cross. As a student, this was porn. As a professional, it was weapons manufacturers.
Interestingly enough, I even quit two companies for their ambition in IT security. The first pushed datacenter-grade firewalls to small businesses that basically only needed a DSL modem, through a sales method borrowed from insurance brokers.
The other one at least had solid technology, but developed a solid sales pitch relying on the same FUD that crosses that ethical border.
Just like with medication, people shouldn’t buy security out of fear, or any other product for that matter. And any technical person should strive to educate customers and not help salespeople create that fear.
Digitalization is moving much of everyday life onto the Internet, and security companies have long exploited the uncertainty about how to deal with this new situation. Now Symantec apparently wants to offer protection against identity theft and acquire a controversial provider to do so:
John Oliver's ‘Last Week Tonight’ on encryption in general and the case Apple vs. FBI in particular.
Old and busted: DDoS 4 Bitcoin
New hotness: Fake Bomb Threat 4 Bitcoin
So, this is the future of security with smart devices.